Spring Security Basic auth header without user results in exception

Summary

When providing a basic auth header without any user/password combination an java.lang.StringIndexOutOfBoundsException: String index out of range: -1 is thrown.

Actual Behavior

When a Basic Auth Web Request is executed with following header: Authorization: Basic an index out of range exception is caused. By these lines within the BasicAuthenticationConverter

This exception causes an http 500 respones.

Expected Behavior

Expected would be a http 401 as result of the original web request

Configuration

Version

spring-security: 5.2.2.RELEASE

Sample

Comment From: zeeshanadnan

@eleftherias if no one is working on this i would like to take it.

Comment From: eleftherias

Thanks @zeeshanadnan! The issue is yours.